{"report_id":"cefbbe29-1f5d-460c-b2a8-5df252ba6dbd","version":6,"status":"done","tags":[],"date":"2025-09-23T05:25:52Z","url":{"schema":"http","addr":"home-trezor-io-start-faq-web.pages.dev/","fqdn":"home-trezor-io-start-faq-web.pages.dev","domain":"home-trezor-io-start-faq-web.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.231","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"home-trezor-io-start-faq-web.pages.dev/","fqdn":"home-trezor-io-start-faq-web.pages.dev","domain":"home-trezor-io-start-faq-web.pages.dev","tld":"pages.dev"},"title":"Trézor.io/Start® | Starting Up Your Device | Trézor®"},"submit":{"url":{"schema":"http","addr":"home-trezor-io-start-faq-web.pages.dev/","fqdn":"home-trezor-io-start-faq-web.pages.dev","domain":"home-trezor-io-start-faq-web.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.231","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T05:25:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Phishing Block","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"home-trezor-io-start-faq-web.pages.dev","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-02","domain_rank":0,"first_seen":"2025-09-23T05:25:53.126191Z","last_seen":"2025-09-23T05:25:53.126191Z","alert_count":6,"request_count":2,"received_data":17858,"sent_data":990,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"i.postimg.cc","ip":{"addr":"46.105.222.161","port":443,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"domain_registered":"2016-06-11","domain_rank":103883,"first_seen":"2018-04-11T10:01:12Z","last_seen":"2025-09-21T22:18:14.600158Z","alert_count":0,"request_count":1,"received_data":1561660,"sent_data":514,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"home-trezor-io-start-faq-web.pages.dev/favicon.ico","fqdn":"home-trezor-io-start-faq-web.pages.dev","domain":"home-trezor-io-start-faq-web.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://home-trezor-io-start-faq-web.pages.dev/","date":"2025-09-23T05:25:27.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"home-trezor-io-start-faq-web.pages.dev","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Mon, 22 Sep 2025 10:24:48 GMT","end":"Sun, 21 Dec 2025 10:30:17 GMT"},"fingerprint":{"sha1":"9C:5F:A2:7E:26:DA:A6:92:48:E6:D8:94:5C:50:29:32:ED:F6:B8:4A","sha256":"93:8E:98:65:B6:FA:A2:26:B3:1C:87:45:2E:F5:87:AF:24:07:00:2C:24:A4:F4:CA:7A:22:10:A5:7D:B7:82:0D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: home-trezor-io-start-faq-web.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://home-trezor-io-start-faq-web.pages.dev/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 23 Sep 2025 05:25:27 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=a4lnw8ciY6HGS9cm0noirO74YuRvqYasOi7rYcIaC2De51q%2F4FwLXJrAFiMU1Ote68rZGRTEtG52%2BxSlQHIQfDSexZqMls%2BM3AAnkEjys9hsgcHCbyb9vDgxw6MvD9gYoQ2Nqnm9O26spTrdx94%2FsZoM2qOKL%2FQbyw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 98379f1d3c68b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=2958\u0026min_rtt=1159\u0026rtt_var=1720\u0026sent=13\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=4437\u0026recv_bytes=1234\u0026delivery_rate=1018583\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=77a2505729fd61a8\u0026ts=334\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7932,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"d68b733476323c74d8e7f2be2b693728","sha1":"49ba3c75500a1273fb15031234c22e57e4d2c688","sha256":"a138de2ba816dc65a2024b4bcb666b8884398ce38e940c829c11b24ab4c0b36c","sha512":"4d391f1b677c77307f5b56bc27d70ef37965fd4f720e3efda9301f2d7b126acbbfb9724bde69781cdfe285ba149a4e736d8b32a5b38eafdf69f421e493400c5e","ssdeep":"192:QJbllJGmAUAndUHsWw1VENQfo+9wH5bKtcjX3NNqXN0sYeVICV:ObhAUY5EcyZKs3JiV","tlshash":"81f1722febc836150973020cbda1a7b6e72ac09a23561ed3769b415f3f7135149b36c9","first_seen":"2025-09-23T05:25:55.391641Z","last_seen":"2025-09-23T12:04:10.411558Z","times_seen":2,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Phishing Block","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"home-trezor-io-start-faq-web.pages.dev/","fqdn":"home-trezor-io-start-faq-web.pages.dev","domain":"home-trezor-io-start-faq-web.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-23T05:25:26.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"home-trezor-io-start-faq-web.pages.dev","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Mon, 22 Sep 2025 10:24:48 GMT","end":"Sun, 21 Dec 2025 10:30:17 GMT"},"fingerprint":{"sha1":"9C:5F:A2:7E:26:DA:A6:92:48:E6:D8:94:5C:50:29:32:ED:F6:B8:4A","sha256":"93:8E:98:65:B6:FA:A2:26:B3:1C:87:45:2E:F5:87:AF:24:07:00:2C:24:A4:F4:CA:7A:22:10:A5:7D:B7:82:0D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: home-trezor-io-start-faq-web.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 23 Sep 2025 05:25:26 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=0%2BbSCmNhazlwv6jkX06woLq36JV9Fjuwn238Ws65x6wSZzuvlTYjq7OIGdv6L8hOx1mTIi516qyLJEROjeYk1kA3O72MDlSCRyueFQiErZ2%2Bw1iC6KjpeGZjgrh16C2J9CTeetK%2FQENcpxxUHaNMQ7SlfjNNqgFBvg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 98379f1aecca783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=6065\u0026min_rtt=430\u0026rtt_var=11286\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3562\u0026recv_bytes=1292\u0026delivery_rate=8321839\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=4a055aba33db25d3\u0026ts=82\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7932,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"d68b733476323c74d8e7f2be2b693728","sha1":"49ba3c75500a1273fb15031234c22e57e4d2c688","sha256":"a138de2ba816dc65a2024b4bcb666b8884398ce38e940c829c11b24ab4c0b36c","sha512":"4d391f1b677c77307f5b56bc27d70ef37965fd4f720e3efda9301f2d7b126acbbfb9724bde69781cdfe285ba149a4e736d8b32a5b38eafdf69f421e493400c5e","ssdeep":"192:QJbllJGmAUAndUHsWw1VENQfo+9wH5bKtcjX3NNqXN0sYeVICV:ObhAUY5EcyZKs3JiV","tlshash":"81f1722febc836150973020cbda1a7b6e72ac09a23561ed3769b415f3f7135149b36c9","first_seen":"2025-09-23T05:25:55.391641Z","last_seen":"2025-09-23T12:04:10.411558Z","times_seen":2,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":39,"dns":19,"connect":1,"send":0,"wait":66,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-09-23","alert":"Phishing Block","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-23","alert":"Sinkholed","trigger":"home-trezor-io-start-faq-web.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.postimg.cc/zJQVdmvC/screencapture-trezor-io-trezor-suite-2025-06-26-15-44-07.png","fqdn":"i.postimg.cc","domain":"postimg.cc","tld":"cc"},"ip":{"addr":"46.105.222.161","port":443,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://home-trezor-io-start-faq-web.pages.dev/","date":"2025-09-23T05:25:27.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"postimg.cc","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 Aug 2025 02:47:56 GMT","end":"Sat, 15 Nov 2025 02:47:55 GMT"},"fingerprint":{"sha1":"20:6C:66:66:68:F7:B4:5E:C5:99:09:F7:0A:73:95:2A:A3:88:22:EF","sha256":"A5:63:1D:6D:11:2D:26:7C:BE:F7:F6:A9:F4:F8:3E:22:50:5C:25:D9:66:3A:A5:C5:08:CC:5C:C7:9E:29:4E:ED"}}},"request":{"raw":"GET /zJQVdmvC/screencapture-trezor-io-trezor-suite-2025-06-26-15-44-07.png HTTP/1.1\r\nHost: i.postimg.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://home-trezor-io-start-faq-web.pages.dev/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 23 Sep 2025 05:25:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 1561295\r\nlast-modified: Tue, 08 Jul 2025 08:47:24 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1561295,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1366 x 6286, 8-bit/color RGBA, non-interlaced","md5":"cd854b3b0677cc07a5e7f68e03c87470","sha1":"b430de8d749e815633c94eb2e06c9cd5ed3817de","sha256":"e4003481784d7bfd4e1f531ea72c0604bc53a57d5d566f8a6556995016346f05","sha512":"227735c5d22606a741b39f1083b7bcaba05e9581913d4426bfe2317ac1d77b095f48dc5141e9153a6c1f6b9c8e1038433a43c5792302784bf7a93114e3021d67","ssdeep":"24576:9PNJVYbbyHo6eKRLAhSNm6TAKHNH1y1hrKzhOtp8q3+n0rHl:9zVY+owLAh0zA0NVyLrYOtp2Y","tlshash":"b9252257ce9070afd9b90662131332d1e17902a37a381f8f2fa176716c8b6d8f531e99","first_seen":"2025-09-02T21:26:18.857489Z","last_seen":"2026-04-08T07:21:16.446286Z","times_seen":52,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":60,"dns":1,"connect":24,"send":0,"wait":25,"receive":213,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}